Metasploitable 3 is a ready made practice target for penetration testing. Vagrant installation takes just minutes.
Don’t run these programs on machines that have national secrets. In fact, don’t put it in your production network, as it’s obviously quite vulnerable. And no, I don’t know what’s in the binaries.
This article has not been tested with a blank computer yet, commands are written from memory.
Prerequisites
Running on Ubuntu 18.04
$ sudo apt-get -y install virtualbox vagrant curl
Create Vagrantfile
$ mkdir metas/ && cd metas/ $ nano Vagrantfile
## Vagrantfile
## http://terokarvinen.com/2018/install-metasploitable-3-vulnerable-target-computer
Vagrant.configure("2") do |config|
config.vm.box = "rapid7/metasploitable3-ub1404"
config.vm.network "forwarded_port", guest: 80, host: 8080
end
Start the Virtual Machine
$ vagrant up
It might throw some errors about SSH authentication. You can CTRL-C those. In case you have to log in, it’s vagrant:vagrant.
$ curl http://localhost:8080
And you can see a web page from Metasploitable 3.
Now open Firefox and browse to http://localhost:8080.
Welcome to Metasploitable! Try out the payroll_app.php.
The words “SQL injection” somehow pop into my mind.
Be careful. Double check IP addresses. Only test with targets that you know are legal, such as this Metasploitable 3 running on your own computer. Disconnect your computer from the Internet if necessary. Don’t do it if you can’t do it safely. Happy hacking!
Adminstrivia
Tested on Xubuntu 18.04.1 LTS amd64.
Updated multiple times: Added some warnings, tips and screenshots. Fixed some text.
Jos Vagrant rupee kettuilemaan ja antaa virheen: /usr/lib/ruby/vendor_ruby/vagrant/action/builtin/box_add.rb:361:in `box_add’: undefined method `name’ for nil:NilClass (NoMethodError)
Niin tuohon auttaa uudemman Vagrant version asentaminen suoraan Vagrantin sivuilta.
Itse ainakin sain vanhemman version 1.8.1 jakelun kautta jolla ei toiminut, mutta uudempi 2.1.2 versiolla lähti toimimaan.